fix: should not allow kid override by header parameter

Author: jcouyang

token/jwt/jwt.go

@@ -48,8 +48,10 @@ func (j *DefaultSigner) Generate(ctx context.Context, claims MapClaims, header M
 
 	switch t := key.(type) {
 	case *jose.JSONWebKey:
+		header.Add("kid", t.KeyID)
 		return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t)
 	case jose.JSONWebKey:
+		header.Add("kid", t.KeyID)
 		return generateToken(claims, header, jose.SignatureAlgorithm(t.Algorithm), t)
 	case *rsa.PrivateKey:
 		return generateToken(claims, header, jose.RS256, t)